Menu
What's new
By:
Filters Better Search

OVPN file not working?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

L

LoloBond

Occasional Visitor
Hello all,

I'm having some issues using ovpn files on my Asus AC68U/Merlin fw. I upload the file, the connection with the server starts, it shows on the server that my router is connected but my devices have no internet.

Jun 2 23:02:47 rc_service: httpd 456:notify_rc start_vpnclient2
Jun 2 23:02:47 kernel: tun: Universal TUN/TAP device driver, 1.6
Jun 2 23:02:47 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Jun 2 23:02:48 openvpn[11847]: OpenVPN 2.3.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 28 2015
Jun 2 23:02:48 openvpn[11847]: library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.09
Jun 2 23:02:48 openvpn[11847]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 2 23:02:48 openvpn[11847]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Jun 2 23:02:48 openvpn[11848]: UDPv4 link local: [undef]
Jun 2 23:02:48 openvpn[11848]: UDPv4 link remote: [AF_INET]104.xxx.xx.xx:1194
Jun 2 23:02:48 openvpn[11848]: TLS: Initial packet from [AF_INET]104.xxx.xx.xx:1194, sid=b6146245
Jun 2 23:02:49 openvpn[11848]: VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, emailAddress=me@myhost.mydomain
Jun 2 23:02:49 openvpn[11848]: VERIFY OK: nsCertType=SERVER
Jun 2 23:02:49 openvpn[11848]: VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=EasyRSA, emailAddress=me@myhost.mydomain
Jun 2 23:02:49 openvpn[11848]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 2 23:02:49 openvpn[11848]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 2 23:02:49 openvpn[11848]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 2 23:02:49 openvpn[11848]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 2 23:02:49 openvpn[11848]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Jun 2 23:02:49 openvpn[11848]: [server] Peer Connection Initiated with [AF_INET]104.xxx.xx.xx:1194
Jun 2 23:02:52 openvpn[11848]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Jun 2 23:02:52 openvpn[11848]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.38 10.8.0.37'
Jun 2 23:02:52 openvpn[11848]: OPTIONS IMPORT: timers and/or timeouts modified
Jun 2 23:02:52 openvpn[11848]: OPTIONS IMPORT: --ifconfig/up options modified
Jun 2 23:02:52 openvpn[11848]: OPTIONS IMPORT: route options modified
Jun 2 23:02:52 openvpn[11848]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jun 2 23:02:52 openvpn[11848]: TUN/TAP device tun12 opened
Jun 2 23:02:52 openvpn[11848]: TUN/TAP TX queue length set to 100
Jun 2 23:02:52 openvpn[11848]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jun 2 23:02:52 openvpn[11848]: /usr/sbin/ip link set dev tun12 up mtu 1500
Jun 2 23:02:52 openvpn[11848]: /usr/sbin/ip addr add dev tun12 local 10.8.0.38 peer 10.8.0.37
Jun 2 23:02:52 openvpn[11848]: updown.sh tun12 1500 1542 10.8.0.38 10.8.0.37 init
Jun 2 23:02:52 rc_service: service 11879:notify_rc updateresolv
Jun 2 23:02:52 dnsmasq[11832]: read /etc/hosts - 5 addresses
Jun 2 23:02:52 dnsmasq[11832]: using nameserver 8.8.8.8#53
Jun 2 23:02:54 openvpn[11848]: /usr/sbin/ip route add 104.xxx.xx.xx/32 via 69.xxx.xxx.x
Jun 2 23:02:54 openvpn[11848]: /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.37
Jun 2 23:02:54 openvpn[11848]: /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.37
Jun 2 23:02:54 openvpn[11848]: /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.37
Jun 2 23:02:55 openvpn-routing: Skipping, not in routing policy mode
Jun 2 23:02:55 openvpn[11848]: Initialization Sequence Completed


TIA!
 
have you used the policy routing mode at all? if so, some problems with rules being enforced even though you're not using policy routing mode right now.

ssh into your client here and type "ip rule show" to see if there are residual rules from policy routing.
 
cosmoxl said:
have you used the policy routing mode at all? if so, some problems with rules being enforced even though you're not using policy routing mode right now.

ssh into your client here and type "ip rule show" to see if there are residual rules from policy routing.
Click to expand...

thanks for replaying. I was able to get an answer from another user (moebis) and it looks like the ovpn file don't make any changes to "Accept DNS Configuration"... after changing to strict it started working.
 
LoloBond said:
it looks like the ovpn file don't make any changes to "Accept DNS Configuration"... after changing to strict it started working.
Click to expand...

It does not, because that's not an OpenVPN configuration setting, it determines how the firmware will configure dnsmasq.
 
the log showed that google (8.8.8.8) was being used, so I figured that should work.

BTW, you can specify DNS in ovpn config files. however, you'll still have to use a setting other than "disabled" for the "accept DNS config" option in the GUI.

dhcp-option DNS <dns_server_ip_address>
 
RMerlin said:
It does not, because that's not an OpenVPN configuration setting, it determines how the firmware will configure dnsmasq.
Click to expand...
cosmoxl said:
the log showed that google (8.8.8.8) was being used, so I figured that should work.

BTW, you can specify DNS in ovpn config files. however, you'll still have to use a setting other than "disabled" for the "accept DNS config" option in the GUI.

dhcp-option DNS <dns_server_ip_address>
Click to expand...

thank you both for your input.

VPN is finally working! I did OC a bit to improve speeds. very happy, thanks!
 
You must log in or register to reply here.

Similar threads

T
[Help] Problems setting up OpenVPN
Replies
7
Views
342
Thookie
T
P
OVPN Problem. Asus rt ax56u (latest merlin firmware
Replies
9
Views
2K
pattox
P
C
OVPN Timeout "SIGUSR1[soft,ping-restart]"
Replies
0
Views
2K
callefreddan
C
L
Merlin 388.1 and Mulvad
Replies
2
Views
2K
linkwellfook
L
V
Unable to get NordVPN to work with Asus RT-AX82U
Replies
1
Views
1K
Befuddled
B
Similar threads
Thread starter Title Forum Replies Date
D Import long ovpn file Asuswrt-Merlin 3
skeal Solved No Right Side Scroll Bar When Remoting Into AC68U/AC1900 By OVPN Asuswrt-Merlin 14
B Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14 Asuswrt-Merlin 1
C OVPN server setup problem Asuswrt-Merlin 7
M merlin 386.1, ovpn client 3.4.1, "error:0A00018E:SSLroutines::ca mtd too week [ERR]" Asuswrt-Merlin 3
S No file transfer to USB drive Asuswrt-Merlin 3
D File Copied to JFFS Partition Gets Deleted Automatically Asuswrt-Merlin 5
U File Timestamps are 2 hours ahead in FTP server Asuswrt-Merlin 17
C Firmware File? Asuswrt-Merlin 17
C Running dnsmasq with a huge config file like pihole - possible/sensible? Asuswrt-Merlin 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 570 (members: 19, guests: 551)
Top